Dale Carstensen a écrit : > I searched on the MARC archive for "access denied" and got 30 hits > since 4-30-2009, but none of the subjects looked promising, so here's > a question. > > A local recipient has registered a complaint that correspondents are > getting 554 responses part of the time (not always) when attempting > to send mail to this local recipient. An example message includes: > > 554 554 <mail-gx0-f209.google.com[209.85.217.209]>: Client > host rejected: Access denied (state 14) > > In the interval since the current /var/log/maillog started at > Jun 16 11:00:01, there have been 12 'reject.*Access denied' > entries. 5 of them involve this local recipient. 1 involves > another valid recipient. 6 look like spam to me. > > The 6 with valid local recipients should not have had access > denied, I think. Why did they? > > There are 13 "reject" messages in the log. The other one is an > outgoing message where qwest.net said the recipient is not valid. > There are 15,380 "sent" messages in the log, just to give some > perspective. > > This postfix is somewhat dated. I'm working on a whole new > up-to-date server, but that project has stalled on getting a > conversion to virtual users instead of adding every mail user > as a Unix shell account. The version running is 2.2.8p1 on > OpenBSD 3.9 amd64. > > postconf -n output (names changed to example.com, IP addr to > old/new.ip.range): > > command_directory = /usr/local/sbin > config_directory = /etc/postfix > content_filter = smtp-amavis:[127.0.0.1]:10024 > daemon_directory = /usr/local/libexec/postfix > debug_peer_level = 2 > html_directory = /usr/local/share/doc/postfix/html > mail_owner = _postfix > mailbox_size_limit = 512000000 > mailq_path = /usr/local/sbin/mailq > manpage_directory = /usr/local/man > message_size_limit = 102400000 > mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain > mydomain = example.com > myhostname = host.example.com > mynetworks = old.ip.range.0/23, 127.0.0.0/8, new.ip.range.192/26, 10.9.64.0/18 > myorigin = $mydomain > newaliases_path = /usr/local/sbin/newaliases > queue_directory = /var/spool/postfix > readme_directory = /usr/local/share/doc/postfix/readme > sample_directory = /etc/postfix > sendmail_path = /usr/local/sbin/sendmail > setgid_group = _postdrop > unknown_local_recipient_reject_code = 550 > > Log entries (local names changed to exam...@example.com, remote to > rem...@remote.real-domain..., address of local postfix server to > new.ip.range.host), otherwise "grep 'reject.*Access denied' > /var/log/maillog": > > Jun 16 20:04:47 lacn postfix/smtpd[4529]: NOQUEUE: reject: RCPT from > unknown[67.118.51.103]: 554 <unknown[67.118.51.103]>: Client host rejected: > Access denied; from=<spam...@tiscali.it> to=<spam...@tiscali.it> proto=ESMTP > helo=<Sandy-pnowdsakp> > Jun 17 10:45:45 lacn postfix/smtpd[14521]: NOQUEUE: reject: RCPT from > mx-out.forthnet.gr[193.92.150.104]: 554 <mx-out.forthnet.gr[193.92.150.104]>: > Client host rejected: Access denied; > from=<rem...@real-domain.cha.forthnet.gr> > to=<examp...@host.example.com> proto=ESMTP helo=<mx-out.forthnet.gr> > Jun 17 16:24:09 lacn postfix/smtpd[12055]: NOQUEUE: reject: RCPT from > unknown[66.191.14.222]: 554 <unknown[66.191.14.222]>: Client host rejected: > Access denied; from=<spam...@tiscali.it> to=<spam...@tiscali.it> proto=ESMTP > helo=<SERVER2> > Jun 18 09:08:44 lacn postfix/smtpd[26877]: NOQUEUE: reject: RCPT from > mx-out.forthnet.gr[193.92.150.104]: 554 <mx-out.forthnet.gr[193.92.150.104]>: > Client host rejected: Access denied; > from=<rem...@real-domain.cha.forthnet.gr> > to=<examp...@host.example.com> proto=ESMTP helo=<mx-out.forthnet.gr> > Jun 18 23:53:21 lacn postfix/smtpd[10310]: NOQUEUE: reject: RCPT from > 124-11-136-70.dynamic.tfn.net.tw[124.11.136.70]: 554 > <124-11-136-70.dynamic.tfn.net.tw[124.11.136.70]>: Client host rejected: > Access denied; from=<vi...@gmail.com> to=<vbibi...@gmail.com> proto=SMTP > helo=<new.ip.range.host> > Jun 19 01:40:44 lacn postfix/smtpd[12721]: NOQUEUE: reject: RCPT from > 118-168-111-183.dynamic.hinet.net[118.168.111.183]: 554 > <118-168-111-183.dynamic.hinet.net[118.168.111.183]>: Client host rejected: > Access denied; from=<z200...@yahoo.com.tw> to=<fj39k...@yahoo.com.tw> > proto=SMTP helo=<new.ip.range.host> > Jun 19 09:14:53 lacn postfix/smtpd[10930]: NOQUEUE: reject: RCPT from > mail-gx0-f209.google.com[209.85.217.209]: 554 > <mail-gx0-f209.google.com[209.85. > 217.209]>: Client host rejected: Access denied; > from=<rem...@real-domain.gmail. > com> to=<examp...@host.example.com> proto=ESMTP > helo=<mail-gx0-f209.google.com> > Jun 19 09:14:56 lacn postfix/smtpd[10930]: NOQUEUE: reject: RCPT from > mail-gx0-f209.google.com[209.85.217.209]: 554 > <mail-gx0-f209.google.com[209.85. > 217.209]>: Client host rejected: Access denied; > from=<rem...@real-domain.gmail. > com> to=<examp...@host.example.com> proto=ESMTP > helo=<mail-gx0-f209.google.com> > Jun 19 10:21:44 lacn postfix/smtpd[5512]: NOQUEUE: reject: RCPT from > mx-out.forthnet.gr[193.92.150.104]: 554 <mx-out.forthnet.gr[193.92.150.104]>: > Client host rejected: Access denied; > from=<rem...@real-domain.cha.forthnet.gr> > to=<examp...@host.example.com> proto=ESMTP helo=<mx-out.forthnet.gr> > Jun 20 03:32:55 lacn postfix/smtpd[1723]: NOQUEUE: reject: RCPT from > snt0-omc1-s4.snt0.hotmail.com[65.55.90.15]: 554 > <snt0-omc1-s4.snt0.hotmail.com[ > 65.55.90.15]>: Client host rejected: Access denied; > from=<rem...@real-domain.hotmail.com> to=<examp...@host.example.com> > proto=ESMTP helo=<snt0-omc1-s4.snt0.hotmail.com> > Jun 21 06:10:48 lacn postfix/smtpd[8387]: NOQUEUE: reject: RCPT from > mail-gx0-f209.google.com[209.85.217.209]: 554 > <mail-gx0-f209.google.com[209.85. > 217.209]>: Client host rejected: Access denied; > from=<rem...@real-domain.gmail. > com> to=<examp...@host.example.com> proto=ESMTP > helo=<mail-gx0-f209.google.com> > Jun 21 07:43:31 lacn postfix/smtpd[12774]: NOQUEUE: reject: RCPT from > unknown[119.206.224.135]: 554 <unknown[119.206.224.135]>: Client host > rejected: Access denied; from=<kimjint...@hotmail.com> > to=<kimjintae...@naver.com> proto=SMTP helo=<new.ip.range.host> > > >
you have a rule that calls "REJECT". but your 'postconf -n' shows no restrictions nor header/body checks. a first bet is that the rules are in master.cf.
